<?php
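/*
 * Core function of each module; acts like a controller for the admin area.
 *
 * Includes the kadmin_<name>.php file of every module with module_locked=0 and
 * module_id > 1, then dispatches on $content:
 *  - empty $content              : Init() (login form, login handling or start page)
 *  - $content without a session  : redirect to the admin entry page
 *  - $content on a GET request   : calculateContent<$content>(), rendered through displayTemplatedCode()
 *  - $content on a POST request  : <$content>Content($_POST)
 *
 * Returns whatever displayTemplatedCode() returns on the GET path, otherwise nothing.
 *
 * NOTE(review): the POST path changes data and this function checks no anti-CSRF token.
 */
function useModel($page_title, $page_keywords, $page_description, $content, $page_template_id, $page_locked){
	// Init() starts the session again on login, so only start it when none is active.
	if(session_id() === ""){
		session_start();
	}

	//including modules
	$query = "SELECT module_filesystem_name FROM kse_modules WHERE module_locked=0 AND module_id > 1";
	$result = mysql_query($query) or die(mysql_error());
	while($row = mysql_fetch_array($result, MYSQL_ASSOC)){
		$module = $row["module_filesystem_name"];
		// The name is stored from form data (see addContent/editContent) and ends up in an
		// include path, so anything that is not a plain directory name is skipped.
		if(!preg_match('/^[A-Za-z0-9_-]+$/', $module)){
			continue;
		}
		include_once(real_path ."kse". DIRSEP ."modules". DIRSEP . $module . DIRSEP ."kadmin_". $module .".php");
	}

	if(!$content){//start page
		Init($page_title, $page_keywords, $page_description, $content, $page_template_id, $page_locked);
		return;
	}

	if(!isset($_SESSION["user"])){//no session: back to the login
		// NOTE(review): execution continues in the caller after this header is queued;
		// confirm the caller prints nothing for unauthenticated requests.
		header("Location: ". domain_path ."kse_admin/");
		return;
	}

	if(!$_POST){
		$getcontent = "calculateContent". $content;
		// The handler name is derived from $content; refuse names that do not resolve to a
		// defined function instead of ending in a fatal error.
		// NOTE(review): an explicit list of allowed actions would be stricter than function_exists().
		if(!function_exists($getcontent)){
			header("HTTP/1.0 404 Not Found");
			return;
		}

		ob_start();
		ob_implicit_flush(0);
		$generated = $getcontent();
		// SECURITY: eval() runs the handler's return value as a PHP/HTML template.
		// Handlers must never return request data here.
		eval("?>" . $generated);
		$content = ob_get_contents();
		ob_end_clean();

		return displayTemplatedCode($page_title, $page_keywords, $page_description, $content, $page_template_id, $page_locked);//return site
	}

	$getcontent = $content ."Content";
	if(!function_exists($getcontent)){
		header("HTTP/1.0 404 Not Found");
		return;
	}
	ob_start();
	$getcontent($_POST);
	ob_end_flush();
}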

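/*
 * Start page of the admin area.
 *
 * GET with a session    : returns displayTemplated(...) for the logged-in user.
 * GET without a session : prints the login form.
 * POST                  : checks user/pwd against kse_admin_users, fills the session on
 *                         success and redirects to the admin entry page in both cases.
 *
 * NOTE(review): passwords are compared as unsalted MD5. Moving to password_hash() /
 * password_verify() needs a migration of the stored hashes and is not done here.
 */
function Init($page_title, $page_keywords, $page_description, $content, $page_template_id, $page_locked){
	if(!$_POST){
		if(isset($_SESSION["user"])){
			return displayTemplated($page_title, $page_keywords, $page_description, $content, $page_template_id, $page_locked);
		}
		/* A commented-out lookup of REMOTE_ADDR in kse_admin_ip_tables once wrapped this form. */
		echo "log in";
		?>
					<form id="loginform" method="post" enctype="multipart/form-data" action="<?php echo domain_path ?>index.php?route=kse_admin/">
						<label for="login-user">Имя пользывателя</label><input id="login-user" name="user" type="text">
						<label for="login-password">Пароль</label><input id="login-password" name="pwd" type="password">
						<input type="submit" value="Enter" />
					</form>
		<?php
		return;
	}

	// Only plain strings are accepted; array-valued or missing fields count as empty.
	$user = (isset($_POST["user"]) && is_string($_POST["user"])) ? $_POST["user"] : "";
	$pwd = (isset($_POST["pwd"]) && is_string($_POST["pwd"])) ? $_POST["pwd"] : "";

	// The user name goes into a quoted SQL literal, so it is escaped with the driver's own
	// function; md5() output is hex and needs no escaping.
	$query = "SELECT kse_admin_user_id, kse_admin_user_slvl FROM kse_admin_users WHERE kse_admin_user_password='". md5($pwd) ."' AND kse_admin_user_name='". mysql_real_escape_string($user) ."'";
	$result = mysql_query($query) or die(mysql_error());
	if(mysql_num_rows($result)){
		list($id, $slvl) = mysql_fetch_row($result);
		if(session_id() === ""){
			session_start();
		}
		// Issue a fresh session id on login so an id known before authentication
		// is not carried into the authenticated session.
		session_regenerate_id(true);
		$_SESSION["user"] = $user;
		$_SESSION["user_id"] = $id;
		$_SESSION["slvl"] = $slvl;
	}

	// Success and failure both send the browser back to the admin entry page.
	header("Location: ". domain_path ."kse_admin/");
}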


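/*
 * Displays the edit form of one object, template, page or module.
 *
 * Reads $_GET["type"] and $_GET["element"], loads the matching row (limited to rows whose
 * *_slvl is >= $_SESSION["slvl"]) and passes it to DisplayFormTemplate(). For templates the
 * linked module and object ids are added to the row as "modules" and "objects".
 * Returns nothing; the return value of DisplayFormTemplate() is discarded.
 *
 * NOTE(review): die(mysql_error()) prints the raw database error into the response.
 */
function calculateContentView(){
	if(!isset($_GET["type"]) || !is_string($_GET["type"]) || $_GET["type"] === ""){
		return;
	}
	// Without a session level the slvl filter cannot be built; stop instead of querying.
	if(!isset($_SESSION["slvl"])){
		return;
	}

	$type = $_GET["type"];
	// Both values are placed unquoted into SQL, so they are forced to integers first.
	$element = (isset($_GET["element"]) && is_scalar($_GET["element"])) ? (int)$_GET["element"] : 0;
	$slvl = (int)$_SESSION["slvl"];

	switch($type){
		case "object":
			$query = "SELECT object_id, object_filesystem_name, object_description, object_content, object_locked, object_slvl FROM kse_site_objects WHERE object_id=". $element ." AND object_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());
			DisplayFormTemplate($type, mysql_fetch_assoc($result));
		break;
		case "template":
			$query = "SELECT template_id, template_filesystem_name, template_description, template_content, template_locked, template_slvl FROM kse_site_templates WHERE template_id=". $element ." AND template_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());
			$row = mysql_fetch_assoc($result);

			// Look up the links only when the template was found; with no row the follow-up
			// queries would be built without an id and fail.
			if($row){
				$templateId = (int)$row["template_id"];

				$result = mysql_query("SELECT tm_module_id FROM kse_site_template_module WHERE tm_template_id=". $templateId) or die(mysql_error());
				while($link = mysql_fetch_assoc($result)){
					$row["modules"][$link["tm_module_id"]] = $link["tm_module_id"];
				}

				$result = mysql_query("SELECT to_object_id FROM kse_site_template_objects WHERE to_template_id=". $templateId) or die(mysql_error());
				while($link = mysql_fetch_assoc($result)){
					$row["objects"][$link["to_object_id"]] = $link["to_object_id"];
				}
			}
			DisplayFormTemplate($type, $row);
		break;
		case "page":
			$query = "SELECT page_id, page_filesystem_name, page_template_id, page_link_text, page_title, page_keywords, page_description, page_content, page_locked, page_cached, page_slvl FROM kse_site_pages WHERE page_id=". $element ." AND page_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());
			DisplayFormTemplate($type, mysql_fetch_assoc($result));
		break;
		case "module":
			$query = "SELECT * FROM kse_modules WHERE module_id=". $element ." AND module_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());
			DisplayFormTemplate($type, mysql_fetch_assoc($result));
		break;
	}
}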

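/*
 * Prints the list view for objects, templates, pages or modules.
 *
 * Reads $_GET["type"] (and $_GET["path"] for pages), lists the rows whose *_slvl is
 * >= $_SESSION["slvl"] with their edit/lock/delete controls, then prints an "add" link.
 * For pages only the direct children of the page named by "path" are listed.
 *
 * Request values and database values are escaped for the context they are printed in
 * (SQL literal, URL parameter, HTML text, JavaScript argument inside an attribute).
 *
 * NOTE(review): the template delete control is a plain GET link and the other delete
 * controls call kseDelelement(); no anti-CSRF token is part of either.
 */
function calculateContentList(){
	if(!isset($_GET["type"]) || !is_string($_GET["type"]) || $_GET["type"] === ""){
		return;
	}
	// Without a session level the slvl filter cannot be built; stop instead of querying.
	if(!isset($_SESSION["slvl"])){
		return;
	}
	global $d_types;

	$type = $_GET["type"];
	$path = (isset($_GET["path"]) && is_string($_GET["path"])) ? $_GET["path"] : "";
	$slvl = (int)$_SESSION["slvl"];

	// htmlspecialchars() is called without a charset so it follows the site's configured default.
	$typeUrl = urlencode($type);
	$typeJs = htmlspecialchars(json_encode($type), ENT_QUOTES);
	$pathJs = htmlspecialchars(json_encode($path), ENT_QUOTES);

	switch($type){
		case "object":
			$query = "SELECT object_id, object_filesystem_name, object_locked FROM kse_site_objects WHERE object_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());

			while($row = mysql_fetch_array($result)){
				$id = (int)$row["object_id"];
				echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/view/&element=". $id ."&type=". $typeUrl ."\">".
				htmlspecialchars($row["object_filesystem_name"], ENT_QUOTES)
				."<img class=\"icons\" src=\"images/icons/edit.png\" /></a>
				<img class=\"icons\" src=\"images/icons/lock". (int)$row["object_locked"] .".png\" />
				<a class=\"kse-menu-item\" onClick=\"kseDelelement(". $typeJs .", '". $id ."')\"><img class=\"icons\" src=\"images/icons/delete.png\" /></a><br>";
			}
		break;
		case "template":
			$query = "SELECT template_id, template_filesystem_name, template_locked FROM kse_site_templates WHERE template_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());

			while($row = mysql_fetch_array($result)){
				$id = (int)$row["template_id"];
				echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/view/&element=". $id ."&type=". $typeUrl ."\">".
				htmlspecialchars($row["template_filesystem_name"], ENT_QUOTES)
				."<img class=\"icons\" src=\"images/icons/edit.png\" /></a>
				<img class=\"icons\" src=\"images/icons/lock". (int)$row["template_locked"] .".png\" />";
				// Templates are removed through a direct link instead of kseDelelement().
				echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/list/remove/&element=". $id ."&type=". $typeUrl ."\"><img class=\"icons\" src=\"images/icons/delete.png\" /></a><br>";
			}
		break;
		case "page":
			// Nested-set query: direct children (depth = 1) of the page named by "path".
			$query = "SELECT node.page_id, node.page_title, node.page_filesystem_name, node.page_locked, node.page_link_text, (COUNT(parent.page_filesystem_name) - (sub_tree.depth + 1)) AS depth
			FROM kse_site_pages AS node,
				kse_site_pages AS parent,
				kse_site_pages AS sub_parent,
				(
					SELECT node.page_filesystem_name, (COUNT(parent.page_filesystem_name) - 1) AS depth
					FROM kse_site_pages AS node,
					kse_site_pages AS parent
					WHERE node.page_lft BETWEEN parent.page_lft AND parent.page_rgt
					AND node.page_filesystem_name = '". mysql_real_escape_string($path) ."'
					GROUP BY node.page_filesystem_name
					ORDER BY node.page_lft
				)AS sub_tree
			WHERE node.page_lft BETWEEN parent.page_lft AND parent.page_rgt
				AND node.page_lft BETWEEN sub_parent.page_lft AND sub_parent.page_rgt
				AND sub_parent.page_filesystem_name = sub_tree.page_filesystem_name
				AND node.page_slvl>=". $slvl ."
			GROUP BY node.page_filesystem_name
			HAVING depth = 1
			ORDER BY node.page_lft";

			$result = mysql_query($query) or die(mysql_error());
			while($row = mysql_fetch_array($result)){
				$id = (int)$row["page_id"];
				echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/view/&element=". $id ."&type=". $typeUrl ."\">". htmlspecialchars($row["page_link_text"], ENT_QUOTES) ."</a>
				<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/list/&type=page&path=". urlencode($row["page_filesystem_name"]) ."\">&#x25B6;&#x25B6;&#x25B6;</a>
				<img class=\"icons\" src=\"images/icons/edit.png\" />
				<img class=\"icons\" src=\"images/icons/lock". (int)$row["page_locked"] .".png\" />
				<a class=\"kse-menu-item\" onClick=\"kseDelelement(". $typeJs .", '". $id ."', ". $pathJs .")\"><img class=\"icons\" src=\"images/icons/delete.png\" /></a><br>";
			}
		break;
		case "module":
			$query = "SELECT * FROM kse_modules WHERE module_slvl>=". $slvl;
			$result = mysql_query($query) or die(mysql_error());
			while($row = mysql_fetch_array($result)){
				$id = (int)$row["module_id"];
				echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/view/&element=". $id ."&type=". $typeUrl ."\">". htmlspecialchars($row["module_filesystem_name"], ENT_QUOTES) ."
				<img class=\"icons\" src=\"images/icons/edit.png\" /></a>
				<img class=\"icons\" src=\"images/icons/lock". (int)$row["module_locked"] .".png\" />
				<a class=\"kse-menu-item\" onClick=\"kseDelelement(". $typeJs .", '". $id ."')\"><img class=\"icons\" src=\"images/icons/delete.png\" /></a><br>";
			}
		break;
	}

	// The add link is printed for every type value, so both request values are URL-encoded
	// and the label is only looked up when $d_types knows the type.
	$label = (is_array($d_types) && isset($d_types[$type])) ? $d_types[$type] : "";
	echo "<a class=\"kse-menu-item\" href=\"index.php?route=kse_admin/list/add/&type=". $typeUrl ."&parent=". urlencode($path) ."\">". d_add . $label ."<img class=\"icons\" src=\"images/icons/add.png\" /></a>";
}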

/*
 * Shows the empty form used to add an object, page, module or template.
 * Does nothing when $_GET["type"] is missing or empty; otherwise hands the type to
 * DisplayFormTemplate() and passes its return value back to the caller.
 */
function calculateContentAdd(){
	$hasType = isset($_GET["type"]) && $_GET["type"]!="";
	if(!$hasType){
		return;
	}
	return DisplayFormTemplate($_GET["type"]);
}

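/*
 * Controller for deleting objects and templates (pages and modules are not implemented yet).
 *
 * Reads $_GET["type"] and $_GET["element"]. Deleting an object also removes its rows in
 * kse_site_template_objects; deleting a template also removes its rows in
 * kse_site_template_objects and kse_site_template_module.
 *
 * NOTE(review): this runs on a GET request (calculateContentList links to it), checks no
 * anti-CSRF token, and has no *_slvl filter like the read queries in calculateContentView,
 * so confirm which users are meant to be able to delete which rows.
 */
function calculateContentRemove(){
	if(!isset($_GET["type"]) || !is_string($_GET["type"]) || $_GET["type"] === ""){
		return;
	}
	// The id is placed unquoted into the DELETE statements; without a usable id nothing is deleted.
	if(!isset($_GET["element"]) || !is_scalar($_GET["element"])){
		return;
	}
	$element = (int)$_GET["element"];

	switch($_GET["type"]){
		case "object":
			mysql_query("DELETE FROM kse_site_objects WHERE object_id=". $element) or die(mysql_error());
			mysql_query("DELETE FROM kse_site_template_objects WHERE to_object_id=". $element) or die(mysql_error());
		break;
		case "template":
			mysql_query("DELETE FROM kse_site_templates WHERE template_id=". $element) or die(mysql_error());
			mysql_query("DELETE FROM kse_site_template_objects WHERE to_template_id=". $element) or die(mysql_error());
			mysql_query("DELETE FROM kse_site_template_module WHERE tm_template_id=". $element) or die(mysql_error());
		break;
		case "page":
			//NEED to finish
		break;
		case "module":
			//NEED to finish
		break;
	}
}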


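/*
 * Controller for editing objects, templates, pages and modules.
 *
 * $POSTVAR is the submitted form ($_POST); the row to change is chosen by $_GET["type"]
 * and $_GET["element"]. For templates the linked modules ("gmodules") and objects
 * ("gobjects") are synchronised with the posted id lists; a missing list removes all links.
 *
 * Every value is prepared for SQL before use: text fields through mysql_real_escape_string(),
 * numeric fields and ids through an integer cast. A request that lacks one of the expected
 * fields is ignored.
 *
 * NOTE(review): unlike the read queries in calculateContentView, the UPDATE statements carry
 * no *_slvl filter, and the posted *_slvl is stored as given; confirm that is intended.
 */
function editContent($POSTVAR){
	if(!isset($_GET["type"]) || !is_string($_GET["type"]) || !is_array($POSTVAR)){
		return;
	}
	if(!isset($_GET["element"]) || !is_scalar($_GET["element"])){
		return;
	}
	$type = $_GET["type"];
	$element = (int)$_GET["element"];

	// Form fields each type must submit.
	$fields = array(
		"object" => array("object_filesystem_name", "object_description", "object_content", "object_locked", "object_slvl"),
		"template" => array("template_filesystem_name", "template_description", "template_content", "template_locked", "template_slvl"),
		"page" => array("page_template_id", "page_filesystem_name", "page_link_text", "page_title", "page_keywords", "page_description", "page_content", "page_locked", "page_cached", "page_slvl"),
		"module" => array("module_filesystem_name", "module_description", "module_locked", "module_slvl"),
	);
	if(!isset($fields[$type])){
		return;
	}

	// $s holds each field escaped for a quoted SQL literal, $n holds it as an integer.
	$s = array();
	$n = array();
	foreach($fields[$type] as $field){
		if(!isset($POSTVAR[$field]) || !is_scalar($POSTVAR[$field])){
			return;
		}
		$s[$field] = mysql_real_escape_string((string)$POSTVAR[$field]);
		$n[$field] = (int)$POSTVAR[$field];
	}

	switch($type){
		case "object":
			$query = "UPDATE kse_site_objects SET object_filesystem_name=\"". $s["object_filesystem_name"] ."\", object_description=\"". $s["object_description"] ."\", object_content=\"". $s["object_content"] ."\", object_locked=". $n["object_locked"] .", object_edited=". time() .", object_slvl=". $n["object_slvl"] ." WHERE object_id=". $element;
			mysql_query($query) or die(mysql_error());
		break;
		case "template":
			$query = "UPDATE kse_site_templates SET template_filesystem_name=\"". $s["template_filesystem_name"] ."\", template_description=\"". $s["template_description"] ."\", template_content=\"". $s["template_content"] ."\", template_locked=". $n["template_locked"] .", template_edited=". time() .", template_slvl=". $n["template_slvl"] ." WHERE template_id=". $element;
			mysql_query($query) or die(mysql_error());

			//MODULES
			if(isset($POSTVAR["gmodules"])){
				kseSyncTemplateLinks("kse_site_template_module", "tm_id", "tm_template_id", "tm_module_id", $element, array_unique(array_map("intval", (array)$POSTVAR["gmodules"])));
			}
			else{
				mysql_query("DELETE FROM kse_site_template_module WHERE tm_template_id=". $element) or die(mysql_error());
			}

			//OBJECTS
			if(isset($POSTVAR["gobjects"])){
				kseSyncTemplateLinks("kse_site_template_objects", "to_id", "to_template_id", "to_object_id", $element, array_unique(array_map("intval", (array)$POSTVAR["gobjects"])));
			}
			else{
				mysql_query("DELETE FROM kse_site_template_objects WHERE to_template_id=". $element) or die(mysql_error());
			}
		break;
		case "page":
			$query = "UPDATE kse_site_pages SET page_template_id=". $n["page_template_id"] .",page_filesystem_name='". $s["page_filesystem_name"] ."', page_link_text='". $s["page_link_text"] ."', page_title='". $s["page_title"] ."', page_keywords='". $s["page_keywords"] ."', page_description='". $s["page_description"] ."', page_content='". $s["page_content"] ."', page_locked=". $n["page_locked"] .", page_cached=". $n["page_cached"] .", page_slvl=". $n["page_slvl"] ." WHERE page_id=". $element;
			mysql_query($query) or die(mysql_error());
		break;
		case "module":
			$query = "UPDATE kse_modules SET module_filesystem_name='". $s["module_filesystem_name"] ."', module_description='". $s["module_description"] ."', module_locked=". $n["module_locked"] .", module_slvl=". $n["module_slvl"] ." WHERE module_id=". $element;
			mysql_query($query) or die(mysql_error());
		break;
	}
}

/*
 * Brings one template link table in line with the ids chosen in the form: link rows whose
 * id is no longer wanted are deleted, wanted ids without a link row are inserted.
 * Table and column names must be literals from the calling code; $templateId and every
 * entry of $wanted must already be integers.
 */
function kseSyncTemplateLinks($table, $pk, $templateColumn, $linkColumn, $templateId, $wanted){
	$existing = array();
	$result = mysql_query("SELECT ". $pk .", ". $linkColumn ." FROM ". $table ." WHERE ". $templateColumn ."=". $templateId ." ORDER BY ". $linkColumn) or die(mysql_error());
	while($row = mysql_fetch_array($result)){
		$existing[$row[$pk]] = $row[$linkColumn];
	}

	// array_diff() keeps the keys of its first argument, i.e. the link row ids.
	foreach(array_diff($existing, $wanted) as $rowId => $unused){
		mysql_query("DELETE FROM ". $table ." WHERE ". $pk ."=". (int)$rowId) or die(mysql_error());
	}
	foreach(array_diff($wanted, $existing) as $id){
		mysql_query("INSERT INTO ". $table ." SET ". $templateColumn ."=". $templateId .", ". $linkColumn ."=". (int)$id) or die(mysql_error());
	}
}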


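/*
 * Controller for adding objects, templates, pages and modules.
 *
 * $POSTVAR is the submitted form ($_POST); $_GET["type"] selects what is created.
 * Templates also get their module ("gmodules") and object ("gobjects") links.
 * Pages are inserted into the nested set (page_lft/page_rgt) below the page named by
 * "parent": directly inside a leaf parent, otherwise after the last child that the
 * current session level may see.
 *
 * Every value is prepared for SQL before use: text fields through mysql_real_escape_string(),
 * numeric fields through an integer cast. A request that lacks one of the expected fields,
 * or names a parent that does not exist, is ignored.
 */
function addContent($POSTVAR){
	if(!isset($_GET["type"]) || !is_string($_GET["type"]) || !is_array($POSTVAR)){
		return;
	}
	$type = $_GET["type"];

	// Form fields each type must submit.
	$fields = array(
		"object" => array("object_filesystem_name", "object_description", "object_content", "object_locked"),
		"template" => array("template_filesystem_name", "template_description", "template_content", "template_locked"),
		"page" => array("parent", "page_filesystem_name", "page_template_id", "page_link_text", "page_title", "page_keywords", "page_description", "page_content", "page_slvl"),
		"module" => array("module_filesystem_name", "module_description", "module_locked", "module_slvl"),
	);
	if(!isset($fields[$type])){
		return;
	}

	// $s holds each field escaped for a quoted SQL literal, $n holds it as an integer.
	$s = array();
	$n = array();
	foreach($fields[$type] as $field){
		if(!isset($POSTVAR[$field]) || !is_scalar($POSTVAR[$field])){
			return;
		}
		$s[$field] = mysql_real_escape_string((string)$POSTVAR[$field]);
		$n[$field] = (int)$POSTVAR[$field];
	}

	switch($type){
		case "object":
			$query = "INSERT INTO kse_site_objects SET object_filesystem_name=\"". $s["object_filesystem_name"] ."\", object_description=\"". $s["object_description"] ."\", object_content=\"". $s["object_content"] ."\", object_locked=". $n["object_locked"] .", object_edited=". time();
			mysql_query($query) or die(mysql_error());
		break;
		case "template":
			$query = "INSERT INTO kse_site_templates SET template_filesystem_name=\"". $s["template_filesystem_name"] ."\", template_description=\"". $s["template_description"] ."\", template_content=\"". $s["template_content"] ."\", template_locked=". $n["template_locked"] .", template_edited=". time();
			mysql_query($query) or die(mysql_error());

			// Take the id of the row just inserted; looking it up by name can return an
			// older template with the same name.
			$template_id = (int)mysql_insert_id();

			if(isset($POSTVAR["gmodules"])){
				foreach((array)$POSTVAR["gmodules"] as $value){
					mysql_query("INSERT INTO kse_site_template_module SET tm_template_id=". $template_id .", tm_module_id=". (int)$value) or die(mysql_error());
				}
			}
			if(isset($POSTVAR["gobjects"])){
				foreach((array)$POSTVAR["gobjects"] as $value){
					mysql_query("INSERT INTO kse_site_template_objects SET to_template_id=". $template_id .", to_object_id=". (int)$value) or die(mysql_error());
				}
			}
		break;
		case "page":
			$result = mysql_query("SELECT page_rgt, page_lft FROM kse_site_pages WHERE page_filesystem_name='". $s["parent"] ."'") or die(mysql_error());
			$row = mysql_fetch_row($result);
			if(!$row){
				// Unknown parent: stop before the table is locked.
				break;
			}

			if($row[0] - $row[1] < 2){//parent is a leaf - it has no children
				// The new page goes right after the parent's left edge.
				$anchorQuery = "SELECT page_lft FROM kse_site_pages WHERE page_filesystem_name = '". $s["parent"] ."'";
			}
			else{
				if(!isset($_SESSION["slvl"])){
					break;
				}
				//find last subordinate child
				$query = "SELECT node.page_filesystem_name, (COUNT(parent.page_filesystem_name) - (sub_tree.depth + 1)) AS depth
				FROM kse_site_pages AS node,
					kse_site_pages AS parent,
					kse_site_pages AS sub_parent,
					(
						SELECT node.page_filesystem_name, (COUNT(parent.page_filesystem_name) - 1) AS depth
						FROM kse_site_pages AS node,
						kse_site_pages AS parent
						WHERE node.page_lft BETWEEN parent.page_lft AND parent.page_rgt
						AND node.page_filesystem_name = '". $s["parent"] ."'
						GROUP BY node.page_filesystem_name
						ORDER BY node.page_lft
					)AS sub_tree
				WHERE node.page_lft BETWEEN parent.page_lft AND parent.page_rgt
					AND node.page_lft BETWEEN sub_parent.page_lft AND sub_parent.page_rgt
					AND sub_parent.page_filesystem_name = sub_tree.page_filesystem_name
					AND node.page_slvl>=". (int)$_SESSION["slvl"] ."
				GROUP BY node.page_filesystem_name
				HAVING depth = 1
				ORDER BY node.page_lft DESC LIMIT 1";
				$result = mysql_query($query) or die(mysql_error());
				$child = mysql_fetch_row($result);
				if(!$child){
					break;
				}
				// The child name comes from the database but is still escaped before it
				// goes back into SQL; the new page goes right after that child's right edge.
				$anchorQuery = "SELECT page_rgt FROM kse_site_pages WHERE page_filesystem_name = '". mysql_real_escape_string($child[0]) ."'";
			}

			mysql_query("LOCK TABLE kse_site_pages WRITE") or die(mysql_error());

			// Read the anchor again under the lock so the shift below uses current values.
			$result = mysql_query($anchorQuery) or die(mysql_error());
			$anchor = mysql_fetch_row($result);
			if($anchor && $anchor[0] !== null){
				kseInsertPageAfter((int)$anchor[0], $s, $n);
			}

			mysql_query("UNLOCK TABLES") or die(mysql_error());
		break;
		case "module":
			$query = "INSERT INTO kse_modules SET module_filesystem_name='". $s["module_filesystem_name"] ."', module_description='". $s["module_description"] ."', module_locked=". $n["module_locked"] .", module_slvl=". $n["module_slvl"];
			mysql_query($query) or die(mysql_error());
		break;
	}
}

/*
 * Opens a gap of two behind $anchor in the nested set and inserts the new page into it.
 * $s must hold the page fields already escaped for SQL literals and $n their integer
 * values; the caller holds the write lock on kse_site_pages.
 */
function kseInsertPageAfter($anchor, $s, $n){
	mysql_query("UPDATE kse_site_pages SET page_rgt = page_rgt + 2 WHERE page_rgt > ". $anchor) or die(mysql_error());
	mysql_query("UPDATE kse_site_pages SET page_lft = page_lft + 2 WHERE page_lft > ". $anchor) or die(mysql_error());

	$query = "INSERT INTO kse_site_pages(page_filesystem_name, page_template_id, page_link_text, page_title, page_keywords, page_description, page_content, page_slvl, page_lft, page_rgt) VALUES('". $s["page_filesystem_name"] ."', ". $n["page_template_id"] .", '". $s["page_link_text"] ."', '". $s["page_title"] ."', '". $s["page_keywords"] ."', '". $s["page_description"] ."', '". $s["page_content"] ."', ". $n["page_slvl"] .", ". $anchor ." + 1, ". $anchor ." + 2)";
	mysql_query($query) or die(mysql_error());
}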


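/*
 * Templating function that renders a page through its template.
 *
 * Loads the template $page_template_id. When it exists and $page_locked is false, the
 * content of every object linked to the template is executed, its output replaces the
 * <kse>object_filesystem_name</kse> placeholder, the page_* / baseurl tags are filled in
 * and the result is echoed. A locked page returns displayError(503); a missing template
 * (or a failed lookup) falls back to displayDefault().
 */
function displayTemplatedCode($page_title, $page_keywords, $page_description, $page_content, $page_template_id, $page_locked){//create page with template
	// The id is compared as a number, so it is cast instead of being quoted as a string.
	$query = "SELECT template_id, template_content, template_objects, template_modules  FROM kse_site_templates WHERE template_id=". (int)$page_template_id;
	$result = mysql_query($query);

	// A failed query is treated like a missing template instead of being passed on as false.
	if(!$result || mysql_num_rows($result) == 0){
		displayDefault($page_content, $page_title, $page_keywords, $page_description);
		return;
	}

	if($page_locked){
		return displayError(503);
	}

	list($template_id, $template_content, $template_objects, $template_modules) = mysql_fetch_row($result);

	if($template_objects){
		$query = "SELECT SQL_NO_CACHE t2.object_filesystem_name, t2.object_content FROM kse_site_template_objects AS t1 LEFT JOIN kse_site_objects AS t2 ON t1.to_object_id = t2.object_id  WHERE t1.to_template_id=". (int)$template_id .";";
		$objresult = mysql_query($query);

		while($objresult && ($objrow = mysql_fetch_assoc($objresult))){
			ob_start();
			ob_implicit_flush(0);
			// SECURITY: object_content is executed as PHP. editContent/addContent store it from
			// form data, so write access to objects is code execution on the server.
			// Flagged rather than changed because this is how objects are rendered.
			eval("?>" . $objrow["object_content"]);
			$site_obj_content = ob_get_contents();
			ob_end_clean();
			$template_content = str_replace("<kse>". $objrow["object_filesystem_name"] ."</kse>", $site_obj_content, $template_content);
		}
	}

	/*returning content*/
	$ksetags = array("<kse>page_title</kse>", "<kse>page_keywords</kse>", "<kse>page_description</kse>", "<kse>page_content</kse>", "<kse>baseurl</kse>");//changing kse special tags on content
	$ksevars = array($page_title, $page_keywords, $page_description, $page_content, domain_path);

	echo str_replace($ksetags, $ksevars, $template_content);
}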


/*templating function for all form-types*/
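/**
 * Print the add/edit form for one admin entity type.
 *
 * $type selects the field set: "object", "template", "page" or "module".
 * For any other non-empty value only the submit button and the closing
 * </form> tag are printed; an empty $type prints nothing. When $resources
 * carries the entity's id the form posts to the edit route, otherwise to the
 * add route.
 *
 * Every stored or request-supplied value is HTML-escaped before it is placed
 * in an attribute or a <textarea>. Without that, a quote or a closing tag in
 * the data ends the attribute/element early, which both corrupts the value on
 * the next save and lets stored or reflected markup run in the admin's
 * browser. Ids placed in URLs are URL-encoded, ids in attributes are cast to
 * integers, and the session level is validated as an integer before it is
 * used in SQL.
 *
 * NOTE(review): htmlspecialchars() uses PHP's default charset here; confirm it
 * matches the page and database encoding, because input that is invalid under
 * a UTF-8 default is returned as an empty string.
 * NOTE(review): no anti-CSRF token is emitted; the POST handler is not visible
 * from here, so confirm how these state-changing requests are protected.
 *
 * @param string     $type      entity type the form is for
 * @param array|null $resources current field values when editing, null when adding
 * @return void
 */
function DisplayFormTemplate($type, $resources = null){
	if(isset($type) && $type!=""){
		// The level is concatenated into SQL below. A missing or non-integer value skips
		// the lookups (the lists stay empty) rather than reaching the database or being
		// coerced to 0, which would widen the ">=" filter.
		$session_slvl = isset($_SESSION["slvl"]) ? filter_var($_SESSION["slvl"], FILTER_VALIDATE_INT) : false;
		
		switch($type){
			case "object":
			?>
				<form id="templateform" method="post" enctype="multipart/form-data" action="<?php echo domain_path ."index.php?route=kse_admin/". ((isset($resources["object_id"])) ? "edit/&element=". urlencode($resources["object_id"]) : "list/add/") ."&type=". urlencode($type) ?>">
				<label for="object_filesystem_name"><?php echo d_object_filesystem_name ?></label><input id="object_filesystem_name" name="object_filesystem_name" value="<?php echo htmlspecialchars($resources["object_filesystem_name"], ENT_QUOTES) ?>" />
				<label for="object_description"><?php echo d_object_description ?></label><input id="object_description" name="object_description" value="<?php echo htmlspecialchars($resources["object_description"], ENT_QUOTES) ?>" />
				<label for="object_content"><?php echo d_object_content ?></label><textarea id="object_content" name="object_content" rows="30" cols="72"><?php echo htmlspecialchars($resources["object_content"], ENT_QUOTES) ?></textarea>
				<label for="object_slvl"><?php echo d_s_lvl ?></label><input id="object_slvl" name="object_slvl" value="<?php echo htmlspecialchars(isset($resources["object_slvl"]) ? $resources["object_slvl"] : "1", ENT_QUOTES); ?>" />
				<label for="object_locked"><?php echo d_object_locked ?></label>
				<select id="object_locked" name="object_locked">
				<?php
					//locked object
					echo $resources["object_locked"]  ? "<option value=\"0\">". d_n ."</option><option value=\"1\" selected=\"selected\">". d_y ."</option>" : "<option value=\"0\" selected=\"selected\">". d_n ."</option><option value=\"1\">". d_y ."</option>"; 
				?>
				</select>
				
			<?php
			break;
			
			case "template":
			?>
				<form id="templateform" method="post" enctype="multipart/form-data" action="<?php echo domain_path ."index.php?route=kse_admin/". ((isset($resources["template_id"])) ? "edit/&element=". urlencode($resources["template_id"]) : "list/add/") ."&type=". urlencode($type) ?>">
				<label for="template_filesystem_name"><?php echo d_template_filesystem_name ?></label><input id="template_filesystem_name" name="template_filesystem_name" value="<?php echo htmlspecialchars($resources["template_filesystem_name"], ENT_QUOTES) ?>" />
				<label for="template_description"><?php echo d_template_description ?></label><input id="template_description" name="template_description" value="<?php echo htmlspecialchars($resources["template_description"], ENT_QUOTES) ?>" />
				<label for="template_content"><?php echo d_template_content ?></label><textarea id="template_content" name="template_content" rows="30" cols="72"><?php echo htmlspecialchars($resources["template_content"], ENT_QUOTES) ?></textarea>
				<label for="template_slvl"><?php echo d_s_lvl ?></label><input id="template_slvl" name="template_slvl" value="<?php echo htmlspecialchars(isset($resources["template_slvl"]) ? $resources["template_slvl"] : "1", ENT_QUOTES); ?>" />
				<label for="template_locked"><?php echo d_template_locked ?></label>
				<select id="template_locked" name="template_locked">
				<?php
					//locked object
					echo $resources["template_locked"]  ? "<option value=\"0\">". d_n ."</option><option value=\"1\" selected=\"selected\">". d_y ."</option>" : "<option value=\"0\" selected=\"selected\">". d_n ."</option><option value=\"1\">". d_y ."</option>"; 
				?>
				</select>
				<fieldset>
				<?php
					echo "<legend>". d_modules ."</legend>";
					$result = false;
					if($session_slvl !== false){
						$query = "SELECT module_id, module_filesystem_name FROM kse_modules WHERE module_locked = 0 AND module_slvl>=". $session_slvl ." ORDER BY module_id";
						$result = mysql_query($query);
					}
					
					while($result && ($row = mysql_fetch_array($result))){
						$module_id = (int) $row["module_id"];
						$module_name = htmlspecialchars($row["module_filesystem_name"], ENT_QUOTES);
						// tick the modules already attached to this template
						$checked = isset($resources["modules"][$row["module_id"]]) ? " checked" : "";
						echo "<input type=\"checkbox\" id =\"gmodules-". $module_id ."\" name=\"gmodules[]\" value=\"". $module_id ."\"". $checked ." /><label for=\"gmodules-". $module_id ."\">". $module_name ."</label>";
					}
				?>
				</fieldset>
				<fieldset>
				<?php
					echo "<legend>". d_objects ."</legend>";
					$result = false;
					if($session_slvl !== false){
						$query = "SELECT object_id, object_filesystem_name FROM kse_site_objects WHERE object_locked = 0 AND object_slvl>=". $session_slvl ." ORDER BY object_id";
						$result = mysql_query($query);
					}
					
					while($result && ($row = mysql_fetch_array($result))){
						$object_id = (int) $row["object_id"];
						$object_name = htmlspecialchars($row["object_filesystem_name"], ENT_QUOTES);
						// tick the objects already attached to this template
						$checked = isset($resources["objects"][$row["object_id"]]) ? " checked" : "";
						echo "<input type=\"checkbox\" id =\"gobjects-". $object_id ."\" name=\"gobjects[]\" value=\"". $object_id ."\"". $checked ." /><label for=\"gobjects-". $object_id ."\">". $object_name ."</label>";
					}
				?>
				</fieldset>
			<?php
			break;
			
			case "page":
			?>
				<form id="templateform" method="post" enctype="multipart/form-data" action="<?php echo domain_path ."index.php?route=kse_admin/". ((isset($resources["page_id"])) ? "edit/&element=". urlencode($resources["page_id"]) : "list/add/") ."&type=". urlencode($type) ?>">
				<label for="page_filesystem_name"><?php echo d_page_filesystem_name ?></label><input id="page_filesystem_name" name="page_filesystem_name" value="<?php echo htmlspecialchars($resources["page_filesystem_name"], ENT_QUOTES) ?>" />
				<label for="page_link_text"><?php echo d_page_link_text ?></label><input id="page_link_text" name="page_link_text" value="<?php echo htmlspecialchars($resources["page_link_text"], ENT_QUOTES) ?>" />
				<label for="page_title"><?php echo d_page_title ?></label><input id="page_title" name="page_title" value="<?php echo htmlspecialchars($resources["page_title"], ENT_QUOTES) ?>" />
				<label for="page_keywords"><?php echo d_page_keywords ?></label><input id="page_keywords" name="page_keywords" value="<?php echo htmlspecialchars($resources["page_keywords"], ENT_QUOTES) ?>" />
				<label for="page_description"><?php echo d_page_description ?></label><input id="page_description" name="page_description" value="<?php echo htmlspecialchars($resources["page_description"], ENT_QUOTES) ?>" />
				<label for="page_template_id"><?php echo d_page_template_id ?></label>
					<select id="page_template_id" name="page_template_id">
					<?php
						//template
						$result = false;
						if($session_slvl !== false){
							$query = "SELECT template_id, template_filesystem_name FROM kse_site_templates WHERE template_locked = 0 AND template_slvl>=". $session_slvl ." ORDER BY template_id";
							$result = mysql_query($query);
						}
						while($result && ($row = mysql_fetch_array($result))){
							// comparison is kept on the raw values; only the printed copies are sanitised
							$selected = ($resources["page_template_id"]===$row["template_id"]) ? " selected=\"selected\"" : "";
							echo "<option value=\"". (int) $row["template_id"] ."\"". $selected .">". htmlspecialchars($row["template_filesystem_name"], ENT_QUOTES) ."</option>";
						}	
					?>
					</select>
				<label for="page_content"><?php echo d_page_cont ?></label><textarea id="page_content" name="page_content" rows="30" cols="72"><?php echo htmlspecialchars($resources["page_content"], ENT_QUOTES) ?></textarea>
				<label for="page_slvl"><?php echo d_s_lvl ?></label><input id="page_slvl" name="page_slvl" value="<?php echo htmlspecialchars(isset($resources["page_slvl"]) ? $resources["page_slvl"] : "1", ENT_QUOTES); ?>" />
				<?php
					// "parent" comes straight from the query string, so it is escaped before being reflected.
					echo (isset($_GET["parent"]) && is_string($_GET["parent"])) ? "<input id=\"parent\" name=\"parent\" value=\"". htmlspecialchars($_GET["parent"], ENT_QUOTES) ."\" type=\"hidden\" />" : "" ?>
				<label for="page_locked"><?php echo d_page_locked ?></label>
					<select id="page_locked" name="page_locked">
					<?php
						//locked object
						echo $resources["page_locked"]  ? "<option value=\"0\">". d_n ."</option><option value=\"1\" selected=\"selected\">". d_y ."</option>" : "<option value=\"0\" selected=\"selected\">". d_n ."</option><option value=\"1\">". d_y ."</option>"; 
					?>
					</select>
				<label for="page_cached"><?php echo d_page_cached ?></label>
					<select id="page_cached" name="page_cached">
					<?php
						//page cached
						echo $resources["page_cached"]  ? "<option value=\"0\">". d_n ."</option><option value=\"1\" selected=\"selected\">". d_y ."</option>" : "<option value=\"0\" selected=\"selected\">". d_n ."</option><option value=\"1\">". d_y ."</option>"; 
					?>
					</select>
			<?php	
			break;
			
			case "module":
			?>
				<form id="templateform" method="post" enctype="multipart/form-data" action="<?php echo domain_path ."index.php?route=kse_admin/". ((isset($resources["module_id"])) ? "edit/&element=". urlencode($resources["module_id"]) : "list/add/") ."&type=". urlencode($type) ?>">
				<label for="module_filesystem_name"><?php echo d_module_filesystem_name ?></label><input id="module_filesystem_name" name="module_filesystem_name" value="<?php echo htmlspecialchars($resources["module_filesystem_name"], ENT_QUOTES) ?>" />
				<label for="module_description"><?php echo d_module_description ?></label><input id="module_description" name="module_description" value="<?php echo htmlspecialchars($resources["module_description"], ENT_QUOTES) ?>" />
				<label for="module_slvl"><?php echo d_s_lvl ?></label><input id="module_slvl" name="module_slvl" value="<?php echo htmlspecialchars(isset($resources["module_slvl"]) ? $resources["module_slvl"] : "1", ENT_QUOTES); ?>" />
				<label for="module_locked"><?php echo d_module_locked ?></label>
					<select id="module_locked" name="module_locked">
					<?php
						//locked object
						echo $resources["module_locked"]  ? "<option value=\"0\">". d_n ."</option><option value=\"1\" selected=\"selected\">". d_y ."</option>" : "<option value=\"0\" selected=\"selected\">". d_n ."</option><option value=\"1\">". d_y ."</option>"; 
					?>
					</select>
			<?php	
			break;
		}
		?>
		<input id="submitbutton" value="Edit" type="submit">
		</form>
		<?php
	}
}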
?>
